vmm: x86: allow guests to poke MSR_IA32_PRED_CMD (XCC)
This is the Indirect Branch Predictor Barrier (IBPB).  Writing to it is
similar to a cache flush, in that there are no effects or settings that
persist in the processor, such that we would be worried about letting
the guest use the same MSR as the kernel.

Guests who detect support for IBPB in CPUID may try and use this MSR on
context switches.  Letting them do so is harmless.  In the future, if we
decide to pretend to be a different processor or otherwise lie about
CPUID values, then this would be a mechanism for guests to detect IBPB
support.

Reinstall your kernel headers if you want to use the MSRs from
userspace, such as in vmxmsr.c.

Signed-off-by: Barret Rhoden <brho@cs.berkeley.edu>
brho committed Aug 22, 2019
1 parent a06b628 commit 446203f
Showing 2 changed files with 6 additions and 0 deletions.
2 changes: 2 additions & 0 deletions kern/arch/x86/ros/msr-index.h
Expand Up @@ -457,6 +457,8 @@
#define MSR_IA32_MISC_ENABLE_IP_PREF_DISABLE (1ULL << 39)

#define MSR_IA32_TSC_DEADLINE 0x000006E0
#define MSR_IA32_SPEC_CTRL 0x48
#define MSR_IA32_PRED_CMD 0x49

/* P4/Xeon+ specific */
#define MSR_IA32_MCG_EAX 0x00000180
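Review bot: The two new defines, MSR_IA32_SPEC_CTRL and MSR_IA32_PRED_CMD, are written as 0x48 and 0x49 while the neighbouring entries (MSR_IA32_TSC_DEADLINE 0x000006E0, MSR_IA32_MCG_EAX 0x00000180) use the zero-padded eight-digit form, and they sit after 0x6E0 rather than in numeric order. Suggest 0x00000048 and 0x00000049, placed where they sort. MSR_IA32_SPEC_CTRL is also not mentioned in the commit message and has no user in this commit, so a line in the message saying it is added for completeness and is deliberately not passed through would help. A named constant for the IBPB command bit next to MSR_IA32_PRED_CMD would save userspace users such as vmxmsr.c from hard-coding it.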
4 changes: 4 additions & 0 deletions kern/arch/x86/vmm/intel/vmx.c
Expand Up @@ -1316,6 +1316,10 @@ int intel_vmm_init(void)
__vmx_disable_intercept_for_msr(msr_bitmap, MSR_STAR);
__vmx_disable_intercept_for_msr(msr_bitmap, MSR_SFMASK);

/* If we pretend to be a processor without this cpuid feature, we should
* intercept and inject a GPF. */
__vmx_disable_intercept_for_msr(msr_bitmap, MSR_IA32_PRED_CMD);

/* TODO: this might be dangerous, since they can do more than just read
* the CMOS */
__vmx_disable_intercept_for_io(io_bitmap, CMOS_RAM_IDX);
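Review bot: The comment above the new __vmx_disable_intercept_for_msr(msr_bitmap, MSR_IA32_PRED_CMD) call describes a future obligation (intercept and inject a GPF if CPUID is ever masked) but is not marked TODO the way the CMOS comment right below it is, so it is easy to miss when CPUID filtering is added. Suggest prefixing it with TODO and naming the CPUID feature it refers to, so that the code hiding the feature and this pass-through stay in sync. The comment could also carry the one-line rationale from the commit message, that the MSR leaves no persistent state in the processor, since that is the reason the pass-through is safe and it is not visible at the call site.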